Networked computer systems are in wide use. As use of networked computer systems has expanded, a need has developed to control or regulate access to the networks and servers, end stations, or other resources that are coupled to the networks. This problem is particularly acute in the context of institutional use of the global, packet-switched network known as the Internet. While a vast amount of information and executable applications are available online by accessing Internet servers using standard clients and browsers, institutions such as corporations, educational institutions, and government agencies now are seeking greater control over the nature and scope of use of the Internet and its resources by their employees and other users.
Increasingly, institutions desire to permit their employees and other users to access and use only certain servers. Further, these institutions need to permit their employees and other users to use or navigate through the “allowed” servers only in specific ways. In particular, an enterprise may wish to enforce a particular identity or profile for a particular Web site or other network resource. These needs are not adequately addressed by known technology and approaches.
For example, a corporation may wish to require its purchasing agents to use only specific Web servers or other online resources to make purchases on behalf of the company. Also, the corporation may wish to require each user of a particular Web server to navigate the server using a particular series of hyperlinks, commands, or other actions. As a specific example, the institution may wish to require its purchasing agents to use a particular kind of security, a specific authentication method, only a particular corporate credit card account, etc. Thus, the institution may wish to require its employees to use an Internet resource only in a pre-defined, rationalized manner.
Conventional network access control mechanisms rely on control of user names and passwords to govern access, authentication and authorization of users and clients to servers and other resources. However, management of user names and passwords becomes complicated as the number of servers and passwords grows larger.
In response, certain password management mechanisms have become available. For example, World Wide Web browser programs, such as Netscape Communicator and Microsoft Internet Explorer, can save passwords in a static table that is stored on the client computer. The table is indexed by the Uniform Resource Locator (URL) of each server, site, application or resource that the client accesses using the Internet. Each time the client or user accesses an Internet resource that requests a password, the browser checks its password table to determine whether it has a password associated with the URL of the resource. A disadvantage of this mechanism is that the passwords are stored only on one particular client machine. This is inconvenient, because a user must use the same computer to access a particular site using a saved password. If the user connects to the Web using a different computer, the password table is unavailable and the user is required to re-enter his or her password.
Another similar mechanism is the World Wide Web service “mypassword.net.” This service and others provide a digital keychain service. Using this service, an individual or client may create password information and store it in association with a URL that identifies an Internet resource with which the password information is used. A disadvantage of this mechanism is that each employee of an institution must separately register with the service and store the password information. Different employees will have different passwords, reducing employer control.
A drawback of both these mechanisms is that they are effective only in facilitating access to a particular resource, or pages or applications within the resource; they cannot be used to control a path of navigation within the resource. In the specific context of corporate purchasing, price comparison sites on the Internet provide a way to obtain useful purchase information. However, such sites are not specific to a particular institution, and do not address all purchasing criteria that are important or relevant to the enterprise. Further, such sites do not support a rationalized or scripted method of access.
Based on the foregoing, there is a clear need in this field for improved methods and mechanisms of controlling access to and use of network resources.
There is a particular need for a mechanism of enforcing a pre-defined, rationalized method of use of a network resource, such as an Internet Web site or application program.
There is also a need for a way to enforce a pre-defined navigation path through a network resource in order to maintain control over how the network resource is used and what kind of transactions are carried out using the resource.
Other needs will become apparent from the following description.